Kofi Anash 
Updated September 29th, 2019
Update – Darknetstats wins again. We were the first one to break the story that dread was compromised. Now we see that darkfail and its sister site darknetlive are spreading fake fabricated stories about “deadman switch” and hugbunter’s whereabouts which is absurd and has nothing to do with reality. It seems like our article triggered the so called “deadman switch”. We suspect that they will announce the return of hugbunter in the next few days. Don’t forget the Hansa Episode when Dutch law enforcement took over it and operated it for 1 month. We urge you to stay away from dread as much as possible. It’s compromised.
Dread, A reddit style deepweb forum has been allegedly compromised by law enforcement according to the reports from insiders working closely with their admin. We are trying to independently verify their claims. The forum has been offline for weeks, leaving its users wondering about the future of the site and whereabouts of its admin “Hugbunter”.
Dread Downtime
The dread forum suffered several downtimes in its life span due to ddos attacks. These downtimes were 1 to 2 days maximum and the users were informed about the status through their reddit’s page.
This time things were a bit different as compared to the previous downtimes. The downtime started at september 12th. The site went offline for 2 days but then the admin updates the status on september 14th that the site will be up today. He was right the site was up for some hours and then it went offline again.
This is when it goes offline for 4 days straight. There was no communication from the admin Hugbunter and users started to wonder about the site’s fate. That’s when Hugbunter made an announcement on reddit that the ddos attack was reponsible for the downtime has been mitigated but now they were having scalability issues and needed time to do some upgrades.
The attack was mitigated but we are now facing a scalability issue causing the current down time, upgrades that I have been trying to complete for a while to provide increased stability across the platform have proven to take much longer than expected, however they were required to prevent these issues. I will make server upgrades to avoid it temporarily within the coming hours, however I cannot assure uptime until this evening at the earliest. I sincerely apologize for the inconvenience this will cause, I’m working on it non-stop right now.
Hugbunter’s announcement on reddit
In the announcement on 18th september above he goes to say that he cannot assure uptime until this evening but things were different in reality.
Four days passed by and we heard nothing from him. Then on 23rd September we see a notice on their forum which says
Working on a huge update to provide increased stability as the platform grows further and will reduce a whole lot of spam and phishing. The update includes a variety of bug fixes and new features and should be ready to go live by this evening. I am extremely sorry for the downtime and lack of communication right now, this is the biggest update to the codebase that I will have performed and completely restructures everything behind the scenes. Thank you for your continued patience.
Hugbunter’s announcement on dread’s front page
Now today September 27th at the time of writing this article we see the same old announcement on their front page that the forum ” should be ready to go live by this evening. ” which is of course far from reality.
Tip From A Former Mod & Close Aide Of HugBunter
As usual we keep an eye on everything dark web related and this was no exception. We already knew something was going on behind the scenes but we couldn’t get a clue what it was.
We have good amount of insider resources that keep us updated about the latest happenings related to dark web.
Yesterday we finally got a breakthrough when John Marsh (the admin of darknetstats) contacted me about the tip he got from a former dread Mod and a close aide of hugbunter. He shared the screenshots and gave me a full overview of the situation.
Former dread mod and close aide of hugbunter wanted to remain anonymous so that’s why we will not be sharing his name but we will share the message we got from him in which he states.
Hey man, i got a news for you. We haven’t be able to contact hugbunter for almost 2 weeks. Before that he was acting strangely. He was asking for my cell number and wanted to arrange a meet up. I suspect it is highly likely that he got picked up by L.E because he was talking weirdly. Never happened something like this before. Now his forum is down. I think L.E have access to his private key now and it seems like they are busy changing the code base of his forum to track down Market admins and vendors who are active at his forum.
I give you the full authority to share this with everyone but please don’t share my name. I want to remain anonymous and stay away from this mess.
Message from former dread mod and close aide of hugbunter
A screenshot of the email we received from a former dread mod and hugbunter’s aide.
Here is the screenshot of the full message we received from him yesterday.
Let’s Examine The Proof We’ve Got So Far
We need to examine the proof we’ve got so far. We need to study the proof in detail so that we can come to the conclusion. Let’s get into it step by step.
Pgp Message from Former Mod & Co-developer
The most convincing proof we’ve got is the pgp signed message from a former mod and close aide of hugbunter. By close aide we mean that he was so close to hugbunter that they were co developers of the original source code of dread. In the pgp signed message he clearly mentions the reasons that his friend has been picked up by the L.E. This is the biggest proof we got but this doesn’t stops here.
No Canary Update
What is canary? In simple words it is a pgp signed proof from the owner which proves that the server and its resources are owned by him and it is updated daily. If it is not updated in a certain time then it is a proof that the server is taken over by someone else.
According to hugbunter himself he says that he updates his canary everyday. If i don’t update the canary for a maximum of 3 days then consider the server as compromised.
Well, right now its been 12 days and we don’t see his canary updates nor do we see any pgp signed messages from sep 18th. Big Proof again.
No Relation of Server Scalability & Development Updates With Downtime
Hugbunter comes with different excuses on different time intervals. He says that he wants to improve stability across the platform so he’ll need to upgrade the code and it’ll take a few hours and then in another message he goes to say that he will apply the updates no later than evening so everything will be fine. But in reality it took weeks and still its down with no communication from him. This is a big red flag.
As a developer myself when a smaller update to the code is needed then we simply turn on the development mode and add a notice on the front end about the downtime and it usually takes no more than 1 to 2 hours. But when we need a big update to the code then we do all the development on our local server and apply the updates to the live server. This is the way every developer applies the update. So it is a clear lie and we highly suspect that there is someone else behind his servers.
Why Law Enforcement Needs to Take Over a Forum?
This is very simple to understand. They need to take it over due to the following main reasons.
- To unmask the locations of Market admins and Big Vendors advertizing their stores. When le is controlling the source then they can get the real ip without any problem. There are lots of ways to get the real ip of tor users for a reference you can read iovation or threat metrix’s patents or informative pages.
- To get analytics and read the darknet user’s behaviours
- To get important information about how darknet users operate, read their personal messages and use the data to prosecute them
- To bring down the morale of darknet users
- To spread fear and uncenrtainity
Conclusion
At this point we’ve got overwhelming proof and we are safe to say that Dread is taken over by law enforcement. But we will need even more proof which we hope we will get as the time passes. We will update this article soon.
In the meantime we advise you to use all safety practices as you can. Always use pgp to encrypt your message. Use our easy pgp tutorial if you don’t know much about pgp. Also use a vpn with tor, keep the security level of tor to “safest” and disable js in tor by writing about:config and writing javascript and double clicking javascript.enabled to change its status from true to false.
Stay safe guys
Kofi Anash
Investigative Journalist
@ Darknetstats
Look I totally agree with your article, the behavior of both DREAD and most of all HUGBUNTER suggests that things are not as per normal with the DREAD FORUM.. BUT with that said, a L.E. takeover doesn’t appear to be the reason (in my opinion that is) and I am saying that because look @ the takeover of HANSA MARKET & why was it so successful? because the L.E. officers make sure its users had no idea that anything had changed so everyone presumed it was business as normal. Now compare that to the last 2 months of DREAD my goodness honestly they couldn’t have done any more to scream out “SOMETHING IS UP @ DREAD FORUM” I mean HUGBUNTER broke EVERY SINGLE CANARY that HE TOLD US TO NOT IGNORE WHEN HE FOUNDED THE SITE” My point is, IF L.E. has taken over they either gonna
1. keep everything normal and run a covert operation to get people to self DOX
OR
2. Shut the site and let everyone know that another one bites the dust, and L.E. is GOD
Not weird shit that DREAD is doing at the moment…
thats my opinion
Anyone agree?
What do you all think now that IT’S BACK!!! And now down again?
Whatever you do friends don’t ever join “envoy forum” it is run by witchman05 a former mod of hugbunter. Consider this forum compromised too because witchman05 was also missing for 15 days and then he gave us the excuse that he was involved in a accident, which is total bullshit.
The only legit forum is “The Hub”. It is the oldest and most respected forum still available for everyone. It exists since Sr1 days. Everyone should join it instead of envoy which is run by le.
You people are so naive! hugbunter has cooperated with LE. He knew the LE had infiltrated subs like AusDNM and he didn’t do anything about it. hugbunter is part of a group that took down several rival websites and operated dark markets such as nightmare and empire. Dread has been offline because darknetstats revealed the link between dark.fail and hugbunter and the fact that dark.fail is responsible for so many phishing problems on empire.
The most concerning thing for me is that if dread is under control of le then they will silently start gathering evidence against vendors and market admins and use it to prosecute them in court. I still remember how dutch le used hansa market as honeypot to trap so many vendors and sent them to jail. This is very alarming situation.
I suspect someone will be starting to empty wallets of the shops he made for vendors. I hope not……..
Note to the vendors, empty your shop wallets asap otherwise someone else will empty them for you.
I think he ran away with all the shop owners and advertisers money. Last i heard there were reports of unfinished shops that he was reluctant to complete. and then there are advertisers that he got advance from but wasn’t running their ads. Anyway good riddance.
Under LE control for a little over a year. Notice they made Witchman05 and TimothyLearr/SamCulper global mods. Your talking about an account that is a year old AND someone that was known to beg for market roles on reddit and linked his clearnet reddit account 2 years ago..
I hope hugbunter is not arrested. If he is arrested then its a very bad news for Market Admins and The Store Owners alike, this is going to put alot of them behind bars. Very very Bad news.
I always keep an eye on canary updates. Hugbunter was a responsible person when it came to canary updates. He always updated the canary on time. For someone like him No canary update for so long is definitely a Big Red Flag. There are 2 logical scenarios here. 1: It is either he is in le custody or 2: he is in a life or death situation. I think the 1st one is more likely.
Dread was a useless place filled with drama and stay at the home trolls that has nothing to do in their life. I think its better for the community that we got rid of this place. I hope something useful replaces it that can help improve the community instead of destroying it.
lol “Deadman switch” wtf is this? Is this some kind of james bond shit???????
I never liked this guy. He always censored my posts. Dread was never a platform of free speech. When someone talked against him or darkfail then his accounts got blocked automatically without any notice. I am happy that fucker is behind bars (i hope so).
I already knew something fishy was going on. No one leaves the forum like this for so many days.